eHealth PKI certificate renamed as NASH

Written by Kate McDonald on 15 October 2013.

The Department of Human Services (DHS) has renamed the eHealth record PKI certificate for individual access to the provider portal of the PCEHR as the National Authentication Service for Health (NASH) PKI certificate for healthcare provider individuals.

It is also working to create a distinct look for NASH PKI certificates to differentiate them from Medicare PKI certificates used for claims and payments.

NASH PKI certificates for individuals can only be used with the PCEHR portal and are primarily issued on a USB token.

A DHS spokeswoman told an ICT forum recently that the department was also investigating options to allow healthcare organisations to register for the HI Service and NASH through the department’s Health Professional Online Services (HPOS).

The spokeswoman said the department was also considering a single sign-on project for HPOS to enable the ability to launch a HPOS session through general practice software.

“This is intended for low key administrative type transactions for eHealth and for the claims and payments services through HPOS,” she said.

NASH PKI certificates for individuals will also now be issued for two years rather than one, aligning with the NASH PKI certificates for healthcare organisations that were renamed in December 2012. These certificates, distributed on CDs, are used for secure messaging as well as for access to the PCEHR via the B2B gateway.

Current holders of any eHealth record PKI certificates will receive a NASH PKI certificate that is a two-year version automatically upon renewal.

The department provided an interim NASH solution for the launch of the PCEHR on July 1 last year, following the failure of IBM to produce a contracted solution. NEHTA later terminated IBM's contract, and the department has since developed the current solution for healthcare organisations, individual providers and supporting organisations such as contracted service providers.

The spokeswoman said there had been a rapid uptake of NASH from January this year.

“We've had over 7400 certificates issued in the last six months,” she said. “The majority of demand can be attributed to the ePIP program, which has been a major driver for adoption in general practice.

“We've had 635 issued in July. The demand for the healthcare organisation certs has remained relatively high due to the final ePIP deadline for secure message delivery, which was recently moved from August to October.”

Combining the two different types of NASH on the one token or CD is part of a long-term plan but is not yet possible, NEHTA CEO Peter Fleming told the forum.

“It is something that is ultimately a long-term objective of NEHTA's but if you think about it from a DHS perspective, there are about $15 billion worth of claims and payments going through, so we need to be extraordinarily careful that as we move down the track that there is absolutely no room for mistakes,” Mr Fleming said.

“The individual device should be able to hold multiple real estate, but that is a long-term position. Don't expect it in the next year or so.”

A roadmap for NASH is currently being developed for the next two years, but two-factor or multi-factor authentication is not yet confirmed in those plans, the department spokeswoman said.

“One of the things we are doing is looking at how we can make that application process easier,” she said. “It will make turnaround times a lot quicker and the process a lot easier as well.”